From 2a3d171c1014ce09dc28c87c52e8b10815b5b96f Mon Sep 17 00:00:00 2001 From: witchcraze <67056980+witchcraze@users.noreply.github.com> Date: Fri, 27 Sep 2024 21:53:35 +0900 Subject: [PATCH] fix: improve node classifier version matching (#3284) Signed-off-by: witchcraze --- .../binary/classifier_cataloger_test.go | 30 ++++++++++++++++++ syft/pkg/cataloger/binary/classifiers.go | 10 ++++-- .../snippets/node/0.10.48/linux-amd64/node | Bin 0 -> 348 bytes .../snippets/node/0.12.18/linux-amd64/node | Bin 0 -> 349 bytes .../snippets/node/4.9.1/linux-amd64/node | Bin 0 -> 349 bytes .../binary/test-fixtures/config.yaml | 21 ++++++++++++ 6 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.10.48/linux-amd64/node create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.12.18/linux-amd64/node create mode 100644 syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/4.9.1/linux-amd64/node diff --git a/syft/pkg/cataloger/binary/classifier_cataloger_test.go b/syft/pkg/cataloger/binary/classifier_cataloger_test.go index b9c28a51f..fab2acce7 100644 --- a/syft/pkg/cataloger/binary/classifier_cataloger_test.go +++ b/syft/pkg/cataloger/binary/classifier_cataloger_test.go @@ -625,6 +625,36 @@ func Test_Cataloger_PositiveCases(t *testing.T) { Metadata: metadata("go-binary"), }, }, + { + logicalFixture: "node/0.10.48/linux-amd64", + expected: pkg.Package{ + Name: "node", + Version: "0.10.48", + PURL: "pkg:generic/node@0.10.48", + Locations: locations("node"), + Metadata: metadata("nodejs-binary"), + }, + }, + { + logicalFixture: "node/0.12.18/linux-amd64", + expected: pkg.Package{ + Name: "node", + Version: "0.12.18", + PURL: "pkg:generic/node@0.12.18", + Locations: locations("node"), + Metadata: metadata("nodejs-binary"), + }, + }, + { + logicalFixture: "node/4.9.1/linux-amd64", + expected: pkg.Package{ + Name: "node", + Version: "4.9.1", + PURL: "pkg:generic/node@4.9.1", + Locations: locations("node"), + Metadata: metadata("nodejs-binary"), + }, + }, { logicalFixture: "node/19.2.0/linux-amd64", expected: pkg.Package{ diff --git a/syft/pkg/cataloger/binary/classifiers.go b/syft/pkg/cataloger/binary/classifiers.go index f12998069..fa4fcd870 100644 --- a/syft/pkg/cataloger/binary/classifiers.go +++ b/syft/pkg/cataloger/binary/classifiers.go @@ -153,8 +153,14 @@ func DefaultClassifiers() []Classifier { { Class: "nodejs-binary", FileGlob: "**/node", - EvidenceMatcher: FileContentsVersionMatcher( - `(?m)node\.js\/v(?P[0-9]+\.[0-9]+\.[0-9]+)`), + EvidenceMatcher: evidenceMatchers( + // [NUL]node v0.10.48[NUL] + // [NUL]v0.12.18[NUL] + // [NUL]v4.9.1[NUL] + // node.js/v22.9.0 + FileContentsVersionMatcher(`(?m)\x00(node )?v(?P(0|4|5)\.[0-9]+\.[0-9]+)\x00`), + FileContentsVersionMatcher(`(?m)node\.js\/v(?P[0-9]+\.[0-9]+\.[0-9]+)`), + ), Package: "node", PURL: mustPURL("pkg:generic/node@version"), CPEs: singleCPE("cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", cpe.NVDDictionaryLookupSource), diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.10.48/linux-amd64/node b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.10.48/linux-amd64/node new file mode 100644 index 0000000000000000000000000000000000000000..c26292bbae83fb8a66a0e9b7e22b777d5f3f5c3d GIT binary patch literal 348 zcmZ9H!D<6B3`F-eO7N1hIp@c5BSZs7DAR`lXIwbS~B}?ax zh}Tq-HB_V}>q0iDwNi`40{FWM{Jsfwf-()m^aZz-y0=@U)XX*3%M9x^U~^}1#g)bt rbWAh5n+wI%7ho|`_^`EI`xy-_s-D58KeEjRzk8n3vInRe5-+g1j literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.12.18/linux-amd64/node b/syft/pkg/cataloger/binary/test-fixtures/classifiers/snippets/node/0.12.18/linux-amd64/node new file mode 100644 index 0000000000000000000000000000000000000000..24e280dcb88452873aee068066b35e5b42a66103 GIT binary patch literal 349 zcmY+8yKciU3`ITbD+B}?9q4V@K)<4E7t*3)ql)ZWN{aq{m7*QWg*fLD7tC;@iRUd4 z+hQzKCoYw6+IY(nSM0T(DZ1(V``-5N8|$`lfu4G!CFO z8ZyyoYexw-q6Ot0jfPlU6aAHeP%e(*Su-dj+DLFZfb}4}69$4*&Jcz<8Zmf895G5C z0*ye%&WxQ-Cyrm0`0ty%Zai)&ZJ)eF?ER(d`#^ZV_WO3!Mvv|xE>c~jZwY0RfkK0%?t;UHKGzma%mS$)81_dK%zR)_?TMMA)$C|f|>g&yev1btyxoB;Iq#gKZfdYB$1_z1Ij@S>z zDbzRwJw)vc48a65ShBq#ikhdq&_7H?6^sHGl~bcpXc|N|ppFz#CmRt5FfwSVRS$sP zJE@Y@O3HRv!};lS65*?o_?sze5veRo`4p|<>nxDMW1eXjex|i{oPFqS>?FGvd@OV= z9{jbGZGJy!XR?D%O7^|v(7fzB`Sg5wV}7TD8QXqyeEe!cU;Tu6XVbQqdp_ue J-YM40#}C3pXbS)U literal 0 HcmV?d00001 diff --git a/syft/pkg/cataloger/binary/test-fixtures/config.yaml b/syft/pkg/cataloger/binary/test-fixtures/config.yaml index 36c1c0425..61db2433d 100644 --- a/syft/pkg/cataloger/binary/test-fixtures/config.yaml +++ b/syft/pkg/cataloger/binary/test-fixtures/config.yaml @@ -256,6 +256,27 @@ from-images: paths: - /usr/local/openresty/nginx/sbin/nginx + - version: 0.10.48 + images: + - ref: node:0.10.48@sha256:c32b4d56f05c69df6e87d06bf7d5f6a5c6a0e7bcdb8e5ffab0e7a1853a90008f + platform: linux/amd64 + paths: + - /usr/local/bin/node + + - version: 0.12.18 + images: + - ref: node:0.12.18@sha256:02e8e9903c8d974e8874d0144413d398a41d62f54bafec4d2cf3ac2a8501dd28 + platform: linux/amd64 + paths: + - /usr/local/bin/node + + - version: 4.9.1 + images: + - ref: node:4.9.1@sha256:41d0ad2557ea2a9e57e1a458c1d659e92f601586e07dcffef74c9cef542f6f6e + platform: linux/amd64 + paths: + - /usr/local/bin/node + - version: 19.2.0 images: - ref: node:19.2.0@sha256:9bf5846b28f63acab0ccb0a39a245fbc414e6b7ecd467282f58016537c06e159